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REMARKS 

The claim numbering has been corrected to renumber the first occurrence of claim 26 
to instead be claim 25. 

Claims 1, 7, 8 and 26 are amended to describe subject matter considered to be the 
invention and to more clearly distinguish over the art of record. In particular, the claims are 
amended to clarify that the signaling gateway is configured "to exchange said control data 
messages between said remote communication network and [the] central office switching 
systems bv way of [the] signaling communication system". The added language makes 
explicit that the signaling gateway (and thereby the signaling system security monitor) 
service several central office switching systems. 

Claims 1-32 are rejected under 35 U.S.C. 103(a) as being unpatentable over Silva 
(U.S. Patent No. 5,987,035) in view of Heilmann et al (U.S. Patent No. 6,718,024). 
According to the Examiner, Silva teaches all of the elements of Claim 1 except that: 

Silva does not exactly teach a signaling gateway that is 
separate from the central office switching systems and connected to 
said signaling communications system, said signaling gateway 
including an interface connected to a remote communications network 
and configured to exchange said control data messages between said 
remote communication network and said signaling communication 
system. 

However, Heilmann teaches a system and method for 
discriminating call content types for individual telephone lines at a 
plurality of user sites outside of a Public Switched Telephone Network 
(PSTN). See abstract of the invention. The use of a gateway is obvious 
and must between two networks that are communicating between each 
other, Heilmann also teaches the gateway including an interface (this 
interface reads on the line interface unit 201, Fig, 2A, and coL 5, line 
20). 

Therefore, it would have been obvious to one of ordinary skill 
in the art at the time the invention was made to incorporate the feature 
of having a signaling gateway that is configured to exchange said 
control data messages between two communication networks, as 
taught by Heilmann, into the Silva system in order to ensure that the 
messages, that are received and sent to each network already 
screened, verified, and filtered based on the set rules. 
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The rejection is respectfully traversed in view of the amendments to the claims and 
the remarks that follow. 

As an initial point, it is noted that Silva specifically teaches providing "a/ each SSP^ a 
signaling unit containing a message configuration template..." Silva Abstract, emphasis 
added. Hius, from its outset, the patent dis(plosure teaches away from a system such as p>er 
the invention in which a conrnion facility, located remotely from the destination switches, 
provides a gateway function to check incoming messages for all of the destination switches. 
In view of the explicit teachings of Silva, it would be improper to modify the system therein 
described to encompass Applicant's claimed invention. 

Substantively, the Silva disclosure described a fundamentally different system than 
that of Applicant's invention. Silva is directed to an implementation of an SS7 front end to a 
switch that is otherwise not SS7-capable. Silva never mentions or suggests performing any 
security function. Instead, it appears that the utility of Silva's system is that it facilitates the 
enhancement of that front end to receive new (perhaps non-standard) messages. Rather than 
updating software code, the manufacturer (or perhaps the operator) can simply add a new 
template. As with all SS7-capable switches, this one performs some checks on the incoming 
messages. This is a necessary function of all SS7-capable switches. Any such checks are 
fairly rudimentary. However, Silva does not perform security monitoring of a control 
channel so as to monitor control messages destined for a network of switches. 

Further, even if the message checking performed or suggested by Silva were anything 
but basic message integrity checks, there still remains a difference between performing 
security checks at a gateway and performing them at a switch. In particular, a switch is 
obligated to maintain the state of its trunks, and any transactions that are in progress; it 
cannot function otherwise. In contrast, a security gateway is not required to, nor is there any 
suggestion that it, maintain status information about the associated switches. While the 
Examiner appears to take the position that the checks performed include a check on the 
propriety of a received message based on the state of the referenced trunk such a check is not 
found or suggested by Silva. It is respectfully asserted that the Examiner's position is, at best, 
an unsubstantiated inference based on hindsight gleaned from a reading of Applicant's 
disclosure. 
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Another feature of Applicant's signaling system security monitor absent from the 
applied art is that it stores and is responsive to states of respective central office switching 
systems. See, e.g., clafms 9 and 20-23. While it appears to be the Examiner's position that a 
"state machine" is suggested by the applied art, this term as used therein is different from the 
specific meaning attributable from Applicant's disclosure. That is, the prior art does not 
suggest monitoring the state of a communications system as required by Applicants* claims. 

A "state machine" as used in Applicant's disclosure refers to the process of keeping 
track of the states of various trunks, calls and transactions and to determine whether valid 
messages are appropriate in light of the maintained state. 

State-based screening examines messages based on the context 
in which the messages arrive. To implement state-based screening, the 
Security Gatekeeper maintains information on the states of calls 
and/or transactions for which the screening is performed. Examples 
include Call Setup and Transaction query/response. The Security 
Gatekeeper maintains the status of the underlying state machines, 
which define the possible call and/or transaction states and the 
legitimate transitions from one state to another as well as the 
relationships between parameters in successive messages. Such a 
state transition table or graph would be used, for example, to allow an 
ACM, ANM or REL message in response to an JAM, but would 
prohibit an RLC message. 

Applicant's disclosure at page 1 1 , lines 6-14; 

.,,the signaling system security monitor includes a memory storing 
states of respective ones of the central office switching systems and 
their individual components (e.g., trunks), as well for transactions 
carried on between two or more Signaling Points. The processor 
utilizes knowledge of the states to determine if the control messages 
are proper. Propriety may be predefined by a template, table, set or 
rules and/or logic relationship and/or include simulation of the target 
system to predict an effect on the target and related systems and 
whether such effect would be acceptable or be or have undesirable 
consequences. 

Id at page 14, lines 10-17; and 

...The Security Gatekeeper further checks message content in 
consideration of other messages and system status so as to identify, 
intercept, modify and/or reject improper or inappropriate messages. 
Tliis [signaling message] check is preferably accomplished using rules 
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and message templates selected in response to previous related 
messaging, current system stattis or state, and agreed upon sets of 
services to be provided to the interconnected party(ies). 

Id at page 22, line 27 - page 23, line 1 . 

The use of template based screening ensures that proprietary inter-network services 
continue to operate consistent with negotiated agreements with interfacing networks. Where 
such services are implemented via a query message, i.e., a query/response exchange with one 
or more databases or other nodes, the Security Gatekeeper includes protocol templates 
specifying the message exchange necessary to implement the service. This template 
identifies the formats of the invoking queries, including allowed message types, mandatory 
and optional parameters, and ranges of parameter values. The templates may also be specific 
to the destination point code. For example, templates may be SSP specific to account for 
differences between switches provided by different manufacturers or specific to a particular 
OPC to limit the type (and possibly number) of control messages received and/or processed 
fi-om a particular system. Likewise, pairs of templates may be used to map between SP (e.g., 
SSP, STP and SCP) formats and protocol requirements. 

In contrast, Silva uses the term "state machine" in a far more general sense. For 
example, at column 1, lines 55 - 60, Silva describes a state machine functioning to parse a 
received message and pass parameters contained in the message to the local switch matrix. 
This process has nothing to do with and does not suggest that it be responsive to call or trunk 
state. According to Silva, only after that description of the function of a state machines at 
coliunn 2, lines 4-17, does the summary address (see lines 18 - 24) the use of templates to 
assess whether "their contents are consistent with the specified formats of those messages." 
This function is performed by a state machine (lines 21 - 24). Thus, the use of the term "slate 
machine" as used by Silva does not include or suggest keeping track of the state of calls or 
transactions. 

Specifically, Silva uses the term "state machine** with reference to processing function 
96 (column 5, line 25), event generator 104 (column 5, line 32 - 33), translator 106 (column 
5, lines 38 - 39) and translation unit 108 (column 5, lines 52 - 54). Silva fiirther describes at 
column 5, lines 33 34 that "[a] single state machine may be used to parse several related 
messages such as the call setup messages" [emphasis added]. Thus, it is clear that Silva's use 
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of the teim "state machine" does not include or suggest maintaining a call state. Instead, 
Silva uses it as a general term of art as in the field of software engineering: 

In general, a state machine is any device that stores the status 
of something at a given time and can operate on input to change the 
status and/or cause an action or output to take place for a?iy given 
change, A computer is basically a state machine and each machine 
instruction is input that changes one or more states and may cause 
other actions to take place. Each computer's data register stores a 
state. The read-only memory from which a boot program is loaded 
stores a state (the boot program itself is an initial state). The operating 
system is itself a state and each application that runs begins with some 
initial state that may change as it begins to handle input. Thus, at any 
moment in time, a computer system can be seen as a very complex set 
of states and each program in it as a state machine. In practice, 
however t state machines are used to develop and describe specific 
device or program interactions, 

Whatis.com definition: http://whatis.techtarget.com/definition/0.,sid9 gci21 3052,00.htmL 

The fact that Silva does not consider the state of transactions is further clear from the 
description that the Silva system is used only for the processing messages of the ISDN User 
Part (ISUP) (see column 4, lines 48 - 50). While this does not mean that the Silva device 
operates independent of any state information, it does so only in a limited, conventional way. 
That is, the Silva device is an integral part of a switch, and a switch must keep track of call 
state. However, there is a significant difference between a switch that must keep track of the 
state of its own calls and trunks in order to operate correctly, and a gateway device as 
claimed, enhanced to keep track of call and trunk state (as well as transaction state) of 
multiple switches (and other nodes) in order to insure tfiat inappropriate messages never 
reach those switches. To the contrary. Applicants have found that the screening implemented 
by switch vendors generally does not provide complete security against inappropriate 
messaging. Thus, the present application is directed to embodiments that provide more 
extensive protection, on a network-wide basis. 

Addressing Heilmann, that disclosure describes the bearer content of traffic on the 
customer side of the switch, i.e., external to the Public Switched Telephone Network 
("PSTK*). It differs from Applicant*s invention and the system described by Silva in at least 
two crucial ways: 
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a) Heilmann deals with traffic outside of the PSTN and/or other networks, rather than 
traffic within; and 

(b) Heilmann addresses bearer traffic rather than signaling traffic. 

Contrary to the position taken by the Examiner, Heilmann is not directed to a gateway 
between networks. Instead, Heilmann describes a "telecommunications firewall" (See 
Heilmann at column 4, lines 37 - 38). Applicant agrees that firewalls that examine bearer 
traffic are considered to be conventional. However, Heilmann fails to describe or suggest 
recognizing and reacting to inappropriate signaling; instead being directed to the 
unauthorized use of customer lines to transport certain kinds of bearer traffic. This is clearly 
distinct and separable from Applicant's claimed invention having a signaling system security 
monitor including message templates corresponding to approved control data messages. 

For the reasons presented above, neither Silva nor Heilman, alone or in combination, 
describe or suggest the subject matter of the pending claims including, inter alia,: 

(D) a signaling gateway, separate from the central office 
switching systems and connected to said signaling communications 
systejn, said signaling gateway including an interface connected to a 
remote communications network and configured to exchange said 
control data messages between said remote communication network 
and said central office switching systems by way of said signaling 
communication system, and 

(E) a signaling system security monitor, separate from the 
central office switching systems, said signaling system security 
monitor including a plurality of message templates corresponding to 
approved ones of said control data messages. 

Claim 1 ; or 

storing a plurality of control message templates; 

exchanging control data messages between a remote 
communication network and a plurality of switching systems via a 
local signaling communication system; 

selecting ones of said control message templates in respofise to 
respective ones of said control messages; 

determining, using said templates, if said control data messages 
are proper; 

selectively communicating, in response to said determining step, 
control data messages between said central office switching systems; 
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selectively routing messages from an incoming link to an outgoing 
link in response to said control data messages; attd 

selectively generating control messages to help restore system 
integrity in cases where control messages are disallowed. 



Claim 26. 

Each of the dependent claims is also believed to be distinguishable and patentable 
over the art of record both as dependent from the allowable subject matter of their respective 
base and any intervening claims and by including further subject matter not found in or 
suggested by the art of record. For example, claim 9 recites: 

The communications network according to claim J wherein 
said signaling system security monitor includes a memory storing 
states of respective ones of said central office switching systems, said 
signaling system security monitor responsive to said states for 
selecting ones of said templates. 

As fiilly detailed above, the prior art fails to describe or suggest a signaling system 
security monitor storing and responding to the state of a plurality of separate central ofiice 
switching systems. 

The outstanding rejections of the claims are further believed to be improper for lack 
of motivation for combining the references as applied by the Examiner. 

The initial burden is on the examiner to provide some suggestion of 
the desirability of doing what the inventor has done. "To support the 
conclusion that the claimed invention is directed to obvious subject 
matter, either the references must expressly or impliedly suggest the 
claimed invention or the examiner must present a convincing line of 
reasoning as to why the artisan would have found the claimed 
invention to have been obvious in light of the teachings of the 
references." Ex parte Clapp^ 221 USPQ 972, 973 (Bd. Pat. App. & 
Inter. 1985). 

M.P.E.P. §706.020): Contents of a 35 U.S.C. 103 Rejection and §2143.01: Suggestion or 
Motivation To Modify the References - The Prior Art Must Suggest The Desirability 
Of The Claimed Invention. 

The mere fact that references can be combined or modified does not 
render the resultant combination obvious unless the prior art also 
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suggests the desirability of the combination. In re Mills, 916 F.2d 680, 
16 USPQ2d 1430 (Fed. Cir. 1990). 

Id. 

The Examiner's reasoning for combining the references is that: 

...it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to incorporate the feature of having a 
signaling gateway that is configured to exchange said control data 
messages between two communication networks, as taught by 
Heilmann, into the Silva system in order to ensure that the messages, 
that are received and sent to each network already screened, verified, 
and filtered based on the set rules. 

Office Action at page 4. 

However, the Examiner*s rationale is flawed since there is no recognition by the 
applied art of the problems nor any suggestion for making the asserted combination so as to 
address such a problem. 

The mere fact that references can be combined or modified does not render the 
resultant combination obvious unless the prior art also suggests the desirability of the 
combination. In re Mills. 916 F.2d 680, 16 U.S.P.Q.Zd 1430 (Fed. Cir. 1990), Although a 
prior art device "may be capable of being modified to run the way the apparatus is claimed, 
there must be a suggestion or motivation in the reference to do so." (916 F.2d at 682, 16 
U.S.P.Q.2dat 1432.). 

It is well established that, even if all aspects of the claimed invention were 
individually known in the art, such is not sufficient to establish a prima facie case of 
obviousness without some objective reason to combine the teachings of the references. Ex 
parte Levengood, 28 U.S.P.Q.2d 1300 (Bd. Pat. App. & Inter. 1993). It is, therefore, 
incumbent upon the Examiner to provide some suggestion of the desirability of doing what 
the inventor has done in the Examiner's formulation, imposition and maintenance of a 
rejection under 35 U.S.C. 103(a), ''To support the conclusion that the claimed invention is 
directed to obvious subject matter, either the references must expressly or impliedly suggest 
the claimed invention or the Examiner must present a convincing line of reasoning as to why 
the artisan would have found the claimed invention to have been obvious in light of the 
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teachings of the references." Ex parte Clapp, 227 U.S.P.Q. 972, 973 (Bd. Pat App. & Inter. 
1985). 

Thus, for the reasons presented, the rejection of all claims is believed to be improper 
and withdrawal thereof is respectfully requested. 

In sununary, claims 1 - 32 are now considered to be in condition for allowance. 
Favorable reconsideration of the application, as amended, and an early notification of 
allowance are respectfully requested. 

Applicants have filed concurrently herewith a Petition for a One-Month Extension of 
Time. However, if any other or additional fee is due, please charge our Deposit Account No. 
07-2347 from which the undersigned is authorized to draw and please credit any excess fees 
to such deposit account. 



Verizon Corporate Services Group 
600 Hidden Ridge Drive 
MaU Code: HQE03H14 
Irving, Texas 75038 
(972)718-4800 
CUSTOMER NO. 32127 

Date: April 18, 2005 



Respectfully submitted. 
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